Threat behavior

Adware:Win32/ClickPotato is a program that displays pop-up and notification-style advertisements based on the user's browsing habits.

ClickPotato offers a free tool that allows users to access and search free streaming videos of popular films and TV shows. The tool is a multi-component adware program designed to monitor a user’s online browsing behavior to deliver targeted advertising. It may also install components related to Win32/Hotbar and Win32/ShopperReport.

Where %programfiles% represents the users program folder and %varies% is a three digit number indicating the release number.

Creates the following file in this directory:npclntax_ClickPotatoLiteSA.dll

Creates directory:<start menu>\ClickPotato\

Note: <start menu> refers to a variable location that is determined by the malware by querying the Operating System. The default location for the 'Start Menu' folder for Windows 9x, Me, NT, 2000, XP and 2003 is '%USERPROFILE%\Start Menu'. For Windows Vista and 7, the default location is '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu'.